refine-prompt

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-provided prompts and has the capability to write the refined output to the local filesystem.
      * Ingestion points: User prompts provided to the agent for refinement.
      * Boundary markers: None specified to delineate the input from instructions.
      * Capability inventory: Filesystem write access to create the .ai/ directory and append to the PROMPT.md file.
      * Sanitization: No explicit validation or sanitization of the input prompt is performed before it is written to disk.
  • [COMMAND_EXECUTION]: The skill requires the agent to perform filesystem operations that could be exploited if the input is malicious.
      * Evidence: The Persistence section in SKILL.md instructs the agent to create a .ai/ directory and append the refined prompt content to .ai/PROMPT.md.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 05:36 PM